Unpacking Tutorials
riPPadoGG
November 2nd, 2001, 10:40
Hi All,
I am finding this board really cool and useful

I want to know where I can get good comprehensive tuts on manual un-packing.
Any sites dedicated for this??
(I know risc, stone pages and of course reverser++)
Have a nice time cracking..
regds
riPPadoGG
McCodEMaN
November 2nd, 2001, 14:20
Greetings!
Sure, there are many essays on this subject!
E.g. our site: TRES2000 (http://www.geocities.com/Vienna/Opera/5748/index.htm), go to EssayDatabase and select unpacking!
Also, there is: tsehp.cjb.net/ (http://tsehp.cjb.net/)
regards
McCodEMaN
Eternal_Bliss
November 3rd, 2001, 05:36
http://ebliss.cjb.net
riPPadoGG
November 3rd, 2001, 09:39
Tks.. mcCodEMan..
That was a cool site. I will have to download the tutorials.. and start crashing my PC..
And EBliss..
I've been to your site. Many times. The idea of crashing the PC was indeed from you

But this time I want to unpack the exe in the end.
Your VB tuts are my reference. (truth.. you have all the common __vba* functions analysed somewhere in your tuts..)
I would like more p-code tuts from you..
thanks a LOT...
and happy cracking for the week-end..
regds
doGG
stealthFIGHTER
November 3rd, 2001, 13:27
I think you should download ID-Rip.zip from h**p://www.immortaldescendants.org/.
JMI
November 3rd, 2001, 15:37
Anyone downloading ID-Zip from the Immortal Descendants site should be advised that it is infected with a virus. It has an OpenMe or ReadMe exe of 12,096 K. I've forgotten what Norton called it, but it was something similar to "Bloodshed." It may not be a white power, but it still may be dangerous to your machine's health.
stealthFIGHTER
November 3rd, 2001, 18:44
Maybe, your Norton is too sensitive. Maybe

DakienDX
November 4th, 2001, 15:32
Hello JMI !
I can't find an "OpenMe or ReadMe exe of 12,096 K" or similar. It contains some exe files, but all are OK with NAV and under SoftICE.
jomamameister
November 4th, 2001, 21:55
I just scanned the id zip with my InoculateIT PE and found no viruses, either.
jomamameister
McCodEMaN
November 5th, 2001, 12:19
Greetings!
I can't help it, have to say it!
Perhaps Norton isn't the best choice today, sure it still scores well in various tests, but only because of its price tag and easy-to-use design!
Norton is not very good at detecting virus-infected files, it's almost better at faking detections. That's not true though, but I hope you understand what I'm trying to say..
A good choice would probably be F-sec. (Avp + F-prot) or just AVP by itself!
regards
McCodEMaN
JMI
November 5th, 2001, 12:43
I don't know enough about the relative effectiveness of the competing Virus Detection software to make an intelligent comment. I can only repeat that when my scheduled full disk scan for Virus was run after I had downloaded the entire Immortal Descendant's site from their web page button for downloading, and before I had opened the portion of their essays that contained the ID-Rip.zip, Norton advised that there were two files that contained a Virus which I believe it identified as "Bloodshed".
I have the two files in "quarantine" and they are both exe files, which with QuickView have a title that contains the name "OpenMe." I do not know very much about Virus code, but the two files definitely are exe's. I have no explanation as to why I received them with my download and others didn't, but thought it was prudent to pass on the word, just in case.
JMI
November 5th, 2001, 14:02
Just a follow up on my earlier post. I re-downloaded ID-RIP.zip and uncompressed it to a folder and re-ran Norton AntiVirus on the folder without detecting any virus. This made me wonder how I got the original notification and upon checking into some of the features of Norton Antivirus which I had not used before it provided a report on the files in my quarantine folder.
Although I am relatively sure that when I received the original notification, it identified the folder with ID-Rip.zip and containing the virus, the Norton Antivirus report stated that their "original location" was in my "windows/temp" file, which means they could have come from anything I downloaded on the net in the previous couple of days. I can only assume, since the program was scheduled to run while I was not at the computer, that it somehow mis-identified the folder or I mis-read its description.
In any case there does not appear to be any problem with the ID-RIP.zip file and my apologies to ID for creating any appearance of a problem, though my intentions were simply to alert the community to a possible problem I thought I had identified. Next time I'll double check the identification of the source before I post any warning on the Board.
Lord_Soth
November 7th, 2001, 21:10
What is this ID-rip ??
This might be funny coming from an ID member.
Well, I was one before we disbanded...
Damn, btw, I never got a chance to DL the entire site...
LS
McCodEMaN
November 8th, 2001, 06:51
Greetings Lord_Soth!
The ID-rip is a rip of your (ID's) website!
regards
McCodEMaN